From 0b8a7f5b67566b6230cf51fd9132630e6dbe06de Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Wed, 2 Apr 2025 10:10:34 -0400 Subject: [PATCH 1/2] fix strelka annotations. restart strelka containers on config change --- salt/strelka/backend/enabled.sls | 4 ++++ salt/strelka/filestream/enabled.sls | 2 ++ salt/strelka/frontend/enabled.sls | 2 ++ salt/strelka/manager/enabled.sls | 2 ++ salt/strelka/soc_strelka.yaml | 4 ++-- 5 files changed, 12 insertions(+), 2 deletions(-) diff --git a/salt/strelka/backend/enabled.sls b/salt/strelka/backend/enabled.sls index a26905e1f..3a830c9b0 100644 --- a/salt/strelka/backend/enabled.sls +++ b/salt/strelka/backend/enabled.sls @@ -44,6 +44,10 @@ strelka_backend: - restart_policy: on-failure - watch: - file: strelkasensorcompiledrules + - file: backend_backend_config + - file: backend_logging_config + - file: backend_passwords + - file: backend_taste delete_so-strelka-backend_so-status.disabled: file.uncomment: diff --git a/salt/strelka/filestream/enabled.sls b/salt/strelka/filestream/enabled.sls index f04631eca..c90b1e83f 100644 --- a/salt/strelka/filestream/enabled.sls +++ b/salt/strelka/filestream/enabled.sls @@ -41,6 +41,8 @@ strelka_filestream: - {{ XTRAENV }} {% endfor %} {% endif %} + - watch: + - file: filestream_config delete_so-strelka-filestream_so-status.disabled: file.uncomment: diff --git a/salt/strelka/frontend/enabled.sls b/salt/strelka/frontend/enabled.sls index e4ecc7ca5..f95a31a7e 100644 --- a/salt/strelka/frontend/enabled.sls +++ b/salt/strelka/frontend/enabled.sls @@ -46,6 +46,8 @@ strelka_frontend: - {{ XTRAENV }} {% endfor %} {% endif %} + - watch: + - file: frontend_config delete_so-strelka-frontend_so-status.disabled: file.uncomment: diff --git a/salt/strelka/manager/enabled.sls b/salt/strelka/manager/enabled.sls index aec44b4b0..6158a5c28 100644 --- a/salt/strelka/manager/enabled.sls +++ b/salt/strelka/manager/enabled.sls 
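Review bot: The four new `watch` targets (`backend_backend_config`, `backend_logging_config`, `backend_passwords`, `backend_taste`) are state IDs that are not defined in this hunk; if any of them is not the exact ID of a `file` state in this file or one it includes, the whole `strelka_backend` state fails at requisite resolution rather than merely skipping the restart, so confirm the IDs before merging, and likewise `filestream_config`, `frontend_config` and `manager_config` in the sibling hunks. With `restart_policy: on-failure` a watched config rewrite that produces an invalid file will now restart the container immediately instead of leaving the last good process running, which presumably means a bad value saved from the SOC UI takes the backend down until corrected. A one-line comment above the new entries, e.g. `# restart on any config change; an invalid backend.yaml will stop the container until fixed`, or a validation step the container `require`s, would make that trade-off visible. The `strelka_backend` state starts outside the hunk.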
@@ -40,6 +40,8 @@ strelka_manager: - {{ XTRAENV }} {% endfor %} {% endif %} + - watch: + - file: manager_config delete_so-strelka-manager_so-status.disabled: file.uncomment: diff --git a/salt/strelka/soc_strelka.yaml b/salt/strelka/soc_strelka.yaml index 1dc4fa455..609223db6 100644 --- a/salt/strelka/soc_strelka.yaml +++ b/salt/strelka/soc_strelka.yaml @@ -70,8 +70,8 @@ strelka: global: False helpLink: strelka.html advanced: True - type: json - multiline: True + forcedType: "[]{}" + syntax: json 'ScanBatch': *scannerOptions 'ScanBzip2': *scannerOptions 'ScanDocx': *scannerOptions From cd6deae0a78a84fec44d42c6d15716817de11dfe Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Wed, 2 Apr 2025 11:20:12 -0400 Subject: [PATCH 2/2] add missing strelka backend scanners to SOC UI annotation file --- salt/strelka/soc_strelka.yaml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/salt/strelka/soc_strelka.yaml b/salt/strelka/soc_strelka.yaml index 609223db6..1a5db261b 100644 --- a/salt/strelka/soc_strelka.yaml +++ b/salt/strelka/soc_strelka.yaml @@ -64,7 +64,7 @@ strelka: helpLink: strelka.html advanced: True scanners: - 'ScanBase64': &scannerOptions + 'ScanBase64PE': &scannerOptions description: Configuration options for this scanner. readonly: False global: False 
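Review bot: `forcedType: "[]{}"` is an undocumented magic value; if it tells the SOC UI to accept only a JSON array or object, a comment saying so, e.g. `# forcedType: value must parse as a JSON list or object; syntax only selects editor highlighting`, would save the next maintainer a trip to the SOC source. These scanner options are free-form, operator-supplied JSON (`readonly: False`) that presumably lands in the backend config, and the sibling hunks in this patch now restart the backend on every config change, so confirm that SOC rejects a value that does not parse before it is written; otherwise the first typo stops the scanner backend. Whether the replaced `type: json` / `multiline: True` pair performed any such validation is not visible here and is worth stating in the commit message as the reason for the change.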
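Review bot: `ScanBase64` loses its SOC UI annotation here because the key is renamed to `ScanBase64PE` instead of a second entry being added, which contradicts the "add missing ... scanners" commit message if `ScanBase64` is still a configured backend scanner; either keep `'ScanBase64': *scannerOptions` alongside the new key or say in the message that ScanBase64 was dropped deliberately. The `&scannerOptions` anchor moves with the renamed key, so the later `*scannerOptions` aliases still resolve. The `scanners:` mapping continues past the end of the hunk.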
@@ -73,37 +73,53 @@ strelka:
 forcedType: "[]{}"
 syntax: json
 'ScanBatch': *scannerOptions
+ 'ScanBmpEof': *scannerOptions
 'ScanBzip2': *scannerOptions
+ 'ScanDmg': *scannerOptions
 'ScanDocx': *scannerOptions
+ 'ScanDonut': *scannerOptions
 'ScanElf': *scannerOptions
 'ScanEmail': *scannerOptions
+ 'ScanEncryptedDoc': *scannerOptions
+ 'ScanEncryptedZip': *scannerOptions
 'ScanEntropy': *scannerOptions
 'ScanExiftool': *scannerOptions
+ 'ScanFooter': *scannerOptions
 'ScanGif': *scannerOptions
 'ScanGzip': *scannerOptions
 'ScanHash': *scannerOptions
 'ScanHeader': *scannerOptions
 'ScanHtml': *scannerOptions
 'ScanIni': *scannerOptions
+ 'ScanIqy': *scannerOptions
+ 'ScanIso': *scannerOptions
 'ScanJarManifest': *scannerOptions
 'ScanJavascript': *scannerOptions
 'ScanJpeg': *scannerOptions
 'ScanJson': *scannerOptions
 'ScanLibarchive': *scannerOptions
+ 'ScanLNK': *scannerOptions
+ 'ScanLsb': *scannerOptions
 'ScanLzma': *scannerOptions
 'ScanMacho': *scannerOptions
+ 'ScanManifest': *scannerOptions
+ 'ScanMsi': *scannerOptions
 'ScanOcr': *scannerOptions
 'ScanOle': *scannerOptions
+ 'ScanOnenote': *scannerOptions
 'ScanPdf': *scannerOptions
 'ScanPe': *scannerOptions
 'ScanPgp': *scannerOptions
 'ScanPhp': *scannerOptions
 'ScanPkcs7': *scannerOptions
 'ScanPlist': *scannerOptions
+ 'ScanPngEof': *scannerOptions
+ 'ScanQr': *scannerOptions
 'ScanRar': *scannerOptions
 'ScanRpm': *scannerOptions
 'ScanRtf': *scannerOptions
 'ScanRuby': *scannerOptions
+ 'ScanSevenZip': *scannerOptions
 'ScanSwf': *scannerOptions
 'ScanTar': *scannerOptions
 'ScanTnef': *scannerOptions
@@ -111,6 +127,8 @@ strelka:
 'ScanUrl': *scannerOptions
 'ScanVb': *scannerOptions
 'ScanVba': *scannerOptions
+ 'ScanVhd': *scannerOptions
+ 'ScanVsto': *scannerOptions
 'ScanX509': *scannerOptions
 'ScanXml': *scannerOptions
 'ScanYara': *scannerOptions
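Review bot: `ScanLNK` is the only added key that breaks the CamelCase pattern of its neighbours (`ScanLsb`, `ScanLzma`), and since each key presumably has to match the scanner name in the backend config exactly for the annotation to apply, that spelling deserves a check against the config rather than against the other keys. Nothing in the hunk shows how an unmatched key is reported, so a mismatch would likely leave that scanner with no UI annotation and no error. A short comment above the list, `# keys must match the scanner names in the backend config exactly, including case`, would prevent silent drift as more scanners are added by hand. The `scanners:` mapping starts before this hunk.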